<?php
/****************************************************************************

	COPYRIGHT(C) WWW.MAXSI.DK, MAXSI SOFTWARE, SORTIE 2009
	ALL RIGHTS RESERVED

	Maxsi Distribution Shared/ Branch
	Scripts shared by the MasterServer/ and ContentServer/ Branch of the Maxsi
	Distribution Server-Side Code Branches.
	
	account.php
	Include Header for access to the account system.
	Requires the database system to have been included before this file.

****************************************************************************/

// True once the account system below has been set up; stays false when no
// database is available, so callers can test it before touching account state.
$md_accountsys		=	false;

// The account system is only defined when the database layer reports it is
// available ($md_db is set by code outside this file).
if ($md_db)
{
	$md_accountsys		=	true;
	// Account state published by md_LogIn() for the rest of the request:
	$md_account			=	0;		// id of the logged-in user, 0 while nobody is logged in
	$md_account_name	=	'';		// username column of that user
	$md_account_admin	=	false;	// admin column of that user
	$md_session			=	0;		// id of the current usersessions row, 0 until one is resolved
	$md_accounterror	=	'';		// message set when a login attempt is rejected
	
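	/**
	 * Resolves the visitor's session and, where possible, the logged-in account.
	 *
	 * Steps, in order:
	 *  1. If an md_session cookie is present, purge expired sessions and look the
	 *     cookie value up; the row must match the client IP and be unexpired.
	 *  2. If no valid session was found, replace every session stored for this IP
	 *     with a fresh anonymous one (userid 0, 30 minute expiry) and set the
	 *     cookie. Otherwise move the existing session's expiry 30 minutes ahead.
	 *  3. If the session is anonymous and 'user' and 'pass' were POSTed, check
	 *     them against the users table and attach the account to the session.
	 *  4. If the session already carries an account, load its admin flag and
	 *     username.
	 *
	 * Results are published through the globals $md_account, $md_account_name,
	 * $md_account_admin, $md_session and $md_accounterror. The function calls
	 * setcookie(), so it has to run before output starts (or with output
	 * buffering enabled). $_POST['pass'] is removed before returning.
	 *
	 * Security review notes (left as-is here because they need schema, client or
	 * deployment changes):
	 *  - Passwords are matched as an unsalted sha1() digest. Move to
	 *    password_hash()/password_verify() with a rehash-on-login migration.
	 *  - The session id is whatever the database assigns to a row inserted with
	 *    id NULL, presumably an auto-increment counter (confirm against the
	 *    schema). A counter is guessable; issue a long random token from a CSPRNG
	 *    instead and do not rely on the IP match as the second factor.
	 *  - A successful login upgrades the existing session row. Issue a new session
	 *    id at the moment the privilege level changes.
	 *  - The cookie is set with name, value and expiry only. Add the HttpOnly and
	 *    Secure attributes once it is confirmed that no client script reads it and
	 *    the site is served over HTTPS.
	 *  - Creating a session deletes all sessions for the same REMOTE_ADDR, so
	 *    clients sharing an address (NAT, proxy) evict each other.
	 *  - No throttling of failed login attempts is visible in this function.
	 *  - Every query is assembled by concatenation and relies on
	 *    md_SlashGlobalVar(), which is defined outside this file. Confirm it
	 *    escapes for the active connection and charset; prepared statements are
	 *    the preferred replacement.
	 */
	function md_LogIn()
	{
		global	$md_sql;
		global	$md_sql_total;
		global	$md_sql_row;
		global	$md_account;
		global	$md_session;
		global	$md_accounterror;
		global	$md_account_admin;
		global	$md_account_name;

		// Step 1: an existing cookie may refer to a live session.
		if (isset($_COOKIE['md_session']))
		{
			// Housekeeping: drop every session that has already expired.
			md_sql_once("DELETE FROM ".md_GetDatabaseName('usersessions')." WHERE expire < '".md_stamp2date(time())."'");

			// The session only counts when id, client IP and expiry all match.
			$query	=	"SELECT userid FROM ".md_GetDatabaseName('usersessions')." WHERE id = '". md_SlashGlobalVar($_COOKIE['md_session']) . "' AND ip = '". md_SlashGlobalVar($_SERVER['REMOTE_ADDR'])."' AND expire > '".md_stamp2date(time())."' LIMIT 1";

			$slot	=	md_sql($query);

			if ( $md_sql_total[$slot] > 0 )
			{
				// The session exists; userid is 0 for an anonymous session.
				$md_account		=	$md_sql_row[$slot]['userid'];
				$md_session		=	$_COOKIE['md_session'];
			}
			else
			{
				// Unknown, expired or foreign-IP session: forget the cookie.
				$md_session		=	0;
				setcookie("md_session",'',0);
			}

			md_clearslot($slot);
		}

		// Step 2: create an anonymous session, or keep the current one alive.
		if ( $md_session == 0 )
		{
			// One session per IP: remove whatever is stored for this address,
			// insert a fresh row, then read back the id the database assigned.
			md_sql_once("DELETE FROM ".md_GetDatabaseName('usersessions')." WHERE ip = '". md_SlashGlobalVar($_SERVER['REMOTE_ADDR'])."'; ");
			md_sql_once("INSERT INTO ".md_GetDatabaseName('usersessions')." (`id`,`ip`,`userid`,`expire`) VALUES ( NULL, '". md_SlashGlobalVar($_SERVER['REMOTE_ADDR'])."', 0, '".md_stamp2date(time()+60*30)."'); ");
			$slot		=	md_sql("SELECT id FROM ".md_GetDatabaseName('usersessions')." WHERE ip = '". md_SlashGlobalVar($_SERVER['REMOTE_ADDR'])."'; ");

			$md_session	=	$md_sql_row[$slot]['id'];

			// Expiry 0 makes this a browser-session cookie; the 30 minute
			// lifetime is enforced by the expire column on the server side.
			setcookie("md_session",$md_session,0);

			md_clearslot($slot);
		}
		else
		{
			// Sliding expiry: every request extends the session by 30 minutes.
			md_sql_once("UPDATE `".md_GetDatabaseName('usersessions')."` SET `expire` = '".md_stamp2date(time()+60*30)."' WHERE `".md_GetDatabaseName('usersessions')."`.`id` = '".md_SlashGlobalVar($md_session)."' LIMIT 1 ;");
		}

		// Step 3: anonymous session plus posted credentials is a login attempt.
		if ( $md_session && $md_account == 0 && isset($_POST['user']) && isset($_POST['pass']) )
		{
			$slot	=	md_sql("SELECT id, admin, username FROM ".md_GetDatabaseName('users')." WHERE username = '". md_SlashGlobalVar($_POST['user']) . "' AND password = '". md_SlashGlobalVar(sha1($_POST['pass']))."' LIMIT 1");

			if ( $md_sql_total[$slot] )
			{
				$md_account			=	$md_sql_row[$slot]['id'];
				$md_account_admin	=	$md_sql_row[$slot]['admin'];
				$md_account_name	=	$md_sql_row[$slot]['username'];

				// Attach the account to the session row that is already in use.
				md_sql_once("UPDATE `".md_GetDatabaseName('usersessions')."` SET `userid` = '".md_SlashGlobalVar($md_account)."' WHERE `".md_GetDatabaseName('usersessions')."`.`id` = '".md_SlashGlobalVar($md_session)."' LIMIT 1 ;");
			}
			else
			{
				// One message for unknown user and wrong password alike, so the
				// reply does not reveal which usernames exist.
				$md_account			=	0;
				$md_accounterror	=	'Wrong Username/Password Combination.';
			}

			md_clearslot($slot);
		}
		// Step 4: the session already belongs to an account; load its details.
		else if ( $md_session && $md_account )
		{
			// Escaped with the same helper as every other query in this function
			// (the UPDATE above already does this for the same variable), so the
			// stored userid is never interpolated raw into SQL.
			$slot	=	md_sql("SELECT admin, username FROM ".md_GetDatabaseName('users')." WHERE id = '". md_SlashGlobalVar($md_account) ."' LIMIT 1");

			if ( $md_sql_total[$slot] )
			{
				$md_account_admin	=	$md_sql_row[$slot]['admin'];
				$md_account_name	=	$md_sql_row[$slot]['username'];
			}
			else
			{
				// The session refers to a user row that no longer exists. Treat
				// the visitor as logged out instead of reading a missing row and
				// leaving a dangling account id for callers to trust.
				$md_account			=	0;
				$md_account_admin	=	false;
				$md_account_name	=	'';
			}

			md_clearslot($slot);
		}

		// Keep the plaintext password away from code that runs later in the request.
		unset($_POST['pass']);
	}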
	
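	/**
	 * Looks up the username stored for a user id.
	 *
	 * @param mixed $id Value matched against the id column of the users table.
	 * @return mixed The username from the row md_sql() loaded, or false when the
	 *               query matched no row.
	 */
	function md_id2username($id)
	{
		global	$md_sql;
		global	$md_sql_total;
		global	$md_sql_row;

		// $id is supplied by the caller and may originate from request data, so it
		// goes through the same escaping helper as the other queries in this file
		// instead of being concatenated raw.
		// NOTE(review): md_SlashGlobalVar() is defined outside this file; confirm
		// it escapes for the active connection. If users.id is an integer column,
		// rejecting non-integer input before the query would be stricter still.
		$slot	=	md_sql("SELECT username FROM ".md_GetDatabaseName('users')." WHERE id = '".md_SlashGlobalVar($id)."'");

		$result	=	$md_sql_total[$slot] ? $md_sql_row[$slot]['username'] : false;

		// Release the result slot on both paths before returning.
		md_clearslot($slot);

		return $result;
	}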

	
	// Including this file has side effects on every request: md_LogIn() reads and
	// writes the usersessions table and may call setcookie(), so the include has
	// to happen before any output is sent (or with output buffering enabled).
	md_LogIn();	

}
?>